Trojan Win32/bho

[Petura]

Zdravím, iobit security 360 hlásí trojan win32/bho, pc je pomalý, sekají se okna prohlížeče, opeara funguje, firefox se načítá strašně dlouho

Logfile of random's system information tool 1.08 (written by random/random)
Run by ŽOSI at 2011-01-06 09:07:19
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 125 GB (82%) free of 153 GB
Total RAM: 1023 MB (54% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{89FEBE14-1EA6-402D-B9C2-5D873E91F4A1}.job
C:\WINDOWS\tasks\User_Feed_Synchronization-{F5BE5B85-E99B-4E8F-940F-67248AA2216B}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-04-05 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-04-05 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Program Files\Překladač\WEBIE.DLL [2009-04-05 114688]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-05-18 16207872]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2009-02-18 13680640]
"nwiz"=nwiz.exe /install []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-04-05 148888]
"NeroCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"BigDog305"=C:\WINDOWS\VM305_STI.EXE [2005-08-05 61440]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2009-02-18 86016]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-04-13 77824]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe [2005-11-29 40960]
"NetSoftware"=C:\Program Files\NetSoftware\Starter.exe [2009-05-05 94208]
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2005-03-10 28160]
"IObit Security 360"=C:\Program Files\IObit\IObit Security 360\IS360tray.exe [2010-06-11 1280344]
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2003-12-13 33792]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe [2008-10-31 54576]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe [2005-11-15 921600]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"OM_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe [2005-11-29 57344]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2010-07-02 2347216]
"OM2_Monitor"=C:\Program Files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [2008-10-31 95536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoResolveSearch"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Disabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ.exe"

======List of files/folders created in the last 1 months======

2011-01-06 09:07:19 ----D---- C:\rsit
2011-01-06 09:07:19 ----D---- C:\Program Files\trend micro
2011-01-06 08:50:08 ----D---- C:\Program Files\Eset
2011-01-06 08:50:08 ----A---- C:\WINDOWS\system32\imon.dll
2011-01-06 08:50:08 ----A---- C:\WINDOWS\system32\drivers\amon.sys
2011-01-02 19:00:17 ----A---- C:\Silverlight.exe
2010-12-26 17:42:57 ----A---- C:\WINDOWS\system32\ptpusb.dll
2010-12-26 17:42:57 ----A---- C:\WINDOWS\system32\drivers\usbscan.sys
2010-12-26 17:42:56 ----A---- C:\WINDOWS\system32\ptpusd.dll
2010-12-17 11:09:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2296199$
2010-12-17 11:09:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2443105$
2010-12-17 11:09:11 ----HDC---- C:\WINDOWS\$NtUninstallKB2440591$
2010-12-17 11:09:07 ----HDC---- C:\WINDOWS\$NtUninstallKB2443685$
2010-12-17 11:09:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2436673$
2010-12-17 11:08:58 ----HDC---- C:\WINDOWS\$NtUninstallKB2467659$
2010-12-17 11:07:24 ----HDC---- C:\WINDOWS\$NtUninstallKB2423089$
2010-12-09 10:01:55 ----HDC---- C:\WINDOWS\$NtUninstallKB2387149$
2010-12-09 10:01:47 ----HDC---- C:\WINDOWS\$NtUninstallKB2279986$
2010-12-09 10:01:39 ----HDC---- C:\WINDOWS\$NtUninstallKB2345886$
2010-12-09 10:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2296011$
2010-12-09 10:01:23 ----HDC---- C:\WINDOWS\$NtUninstallKB2378111_WM9$
2010-12-09 10:01:16 ----HDC---- C:\WINDOWS\$NtUninstallKB982132$
2010-12-09 09:58:07 ----HDC---- C:\WINDOWS\$NtUninstallKB979687$
2010-12-09 09:53:31 ----HDC---- C:\WINDOWS\$NtUninstallKB981957$
2010-12-09 09:52:19 ----HDC---- C:\WINDOWS\$NtUninstallKB2158563$
2010-12-09 09:52:03 ----HDC---- C:\WINDOWS\$NtUninstallKB2360937$

======List of files/folders modified in the last 1 months======

2011-01-06 09:07:27 ----D---- C:\WINDOWS\Prefetch
2011-01-06 09:07:19 ----RD---- C:\Program Files
2011-01-06 09:06:56 ----D---- C:\WINDOWS\Temp
2011-01-06 08:54:34 ----D---- C:\WINDOWS\Debug
2011-01-06 08:54:34 ----D---- C:\WINDOWS
2011-01-06 08:52:38 ----D---- C:\WINDOWS\system32\CatRoot2
2011-01-06 08:51:35 ----D---- C:\Program Files\NetSoftware
2011-01-06 08:50:55 ----N---- C:\WINDOWS\SchedLgU.Txt
2011-01-06 08:50:08 ----D---- C:\WINDOWS\system32\drivers
2011-01-06 08:50:08 ----D---- C:\WINDOWS\system32
2011-01-05 18:20:41 ----A---- C:\WINDOWS\winamp.ini
2011-01-04 23:27:19 ----D---- C:\Documents and Settings\ŽOSI\Data aplikací\Skype
2011-01-04 20:34:54 ----D---- C:\Documents and Settings\ŽOSI\Data aplikací\skypePM
2011-01-04 09:10:46 ----A---- C:\WINDOWS\TRNCOM.INI
2010-12-27 09:28:27 ----SHD---- C:\WINDOWS\Installer
2010-12-27 09:28:17 ----D---- C:\Program Files\OLYMPUS
2010-12-27 09:26:40 ----D---- C:\WINDOWS\WinSxS
2010-12-26 18:01:13 ----D---- C:\Program Files\Mozilla Firefox
2010-12-26 17:45:27 ----A---- C:\WINDOWS\wincmd.ini
2010-12-26 17:43:02 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-12-26 17:42:54 ----HD---- C:\WINDOWS\inf
2010-12-19 09:17:33 ----SD---- C:\WINDOWS\Tasks
2010-12-17 11:09:23 ----D---- C:\Program Files\Internet Explorer
2010-12-17 11:09:19 ----D---- C:\WINDOWS\ie8updates
2010-12-17 11:09:15 ----HD---- C:\WINDOWS\$hf_mig$
2010-12-17 11:07:30 ----A---- C:\WINDOWS\system32\MRT.exe
2010-12-17 11:07:25 ----D---- C:\Program Files\Outlook Express
2010-12-10 09:07:41 ----D---- C:\WINDOWS\CatRoot
2010-12-09 10:30:12 ----D---- C:\WINDOWS\Microsoft.NET
2010-12-09 10:30:10 ----RSD---- C:\WINDOWS\assembly
2010-12-09 09:57:01 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-12-09 08:46:51 ----D---- C:\Documents and Settings

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2009-04-05 80400]
R0 nvata;nvata; C:\WINDOWS\system32\DRIVERS\nvata.sys [2006-04-24 100736]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2008-04-13 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-11-20 43872]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2004-03-08 13567]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2009-04-05 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2009-04-05 24336]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2006-03-02 12032]
R2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
R2 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-13 88192]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-13 60800]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-05-16 4275712]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2005-03-10 13056]
R3 LHidKe;Logitech SetPoint HID Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidKE.Sys [2005-03-10 24704]
R3 LHidUsbK;Logitech SetPoint USB Receiver device driver; C:\WINDOWS\System32\Drivers\LHidUsbK.Sys [2005-03-10 36480]
R3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2005-03-10 69504]
R3 LUsbKbd;Logitech SetPoint USB Filter Driver; C:\WINDOWS\system32\drivers\LUsbKbd.sys [2005-03-10 14592]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-13 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2009-02-18 6308224]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2006-03-22 52736]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2006-03-22 18944]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 WmBEnum;Logitech Virtual Bus Enumerator Driver; C:\WINDOWS\system32\drivers\WmBEnum.sys [2005-04-12 10144]
R3 WmXlCore;Logitech WingMan Translation Layer Driver; C:\WINDOWS\system32\drivers\WmXlCore.sys [2005-04-12 45504]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 L8042mou;Logitech SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2005-03-10 53632]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WmFilter;Logitech Gaming HID Filter Driver; C:\WINDOWS\system32\drivers\WmFilter.sys [2005-04-12 22240]
S3 WmVirHid;Logitech Virtual Hid Device Driver; C:\WINDOWS\system32\drivers\WmVirHid.sys [2005-04-12 5600]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S3 ZSMC0305;VIMICRO USB PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys [2006-02-09 392444]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2009-04-05 700152]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 IS360service;IS360service; C:\Program Files\IObit\IObit Security 360\IS360srv.exe [2010-06-11 312152]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-04-05 152984]
R2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe [2005-11-15 495616]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2009-02-18 163908]
R2 UxTuneUp;TuneUp Theme Extension; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-07-31 136120]
S3 idsvc;Služba Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

[stell]

Zdravim
programy,IObit odinstalovat, skodlivy softver.
C:\Program Files\IObit\IObit Security 360
C:\Program Files\IObit\Advanced SystemCare 3

Stiahnes>>mbam-setup
Nainstalovat, aktualizovat, a spustit skan.
Spravit UPLNY skan, co najde daj zmazat, log vloz sem.
Podrobny Navod:
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

[Petura]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5363

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6.1.2011 10:15:26
mbam-log-2011-01-06 (10-15-26).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 218054
Uplynulý čas: 28 minut, 37 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[Petura]

mbam mě nešel z aktualizovat...jakoby něco bránilo aktualizaci

[stell]

1:Otvorte Internet.explorer.
2:Kliknite na záložku Nástroje a potom vyberte Možnosti Internetu...
3:Teraz kliknite na kartu Pripojenia.
4:Teraz kliknite na tlačidlo Nastavenie miestnej siete(LAN)
5:Teraz budete na sieti (LAN)
6:zrušte za čiarknutie, políčko, Používať proxy server pre vašu LAN. Potom stlačte tlačidlo OK.
6:Teraz môžete MBAM-aktualizovať.


Stiahnes>>OTMoveIt3 by OldTimer >.podla navodu vloz text a klik-Moveit>>log po restarte vloz sem

Kód: Vybrat vše

:processes
explorer.exe

:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
:reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=dword:000000
"FirewallDisableNotify"=dword:000000
"UpdatesDisableNotify"=dword:000000
"AntiVirusOverride"=dword:000000
"FirewallOverride"=dword:000000
"FirstRunDisabled"=dword:000000 
:Commands
[CreateRestorePoint]
[emptytemp]
[start explorer]
[Reboot]

[Petura]

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
C:\WINDOWS\system32\drivers\SETA.tmp moved successfully.
C:\WINDOWS\NV1292660.TMP folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP10B.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP132.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1DE.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP20A.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP214.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP252.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP27C.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP339.tmp folder moved successfully.
C:\WINDOWS\system32\CONFIG.TMP moved successfully.
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusDisableNotify"|dword:000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallDisableNotify"|dword:000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"UpdatesDisableNotify"|dword:000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"AntiVirusOverride"|dword:000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirewallOverride"|dword:000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\\"FirstRunDisabled"|dword:000000 /E : value set successfully!
========== COMMANDS ==========
Restore point Set: OTM Restore Point (0)

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Katka
->Temp folder emptied: 21230126 bytes
->Temporary Internet Files folder emptied: 42615766 bytes
->Java cache emptied: 7000 bytes
->FireFox cache emptied: 53756927 bytes
->Opera cache emptied: 67802012 bytes
->Flash cache emptied: 2812 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 77404 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: ŽOSI
->Temp folder emptied: 110166 bytes
->Temporary Internet Files folder emptied: 5585640 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 26449960 bytes
->Opera cache emptied: 34330442 bytes
->Flash cache emptied: 923 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32768 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 502646 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 7734240 bytes

Total Files Cleaned = 248,00 mb


OTM by OldTimer - Version 3.1.17.2 log created on 01062011_103515

Files moved on Reboot...

Registry entries deleted on Reboot...

[stell]

ok, mas este dajaky problem s pc??

[Petura]

stále mi nejde mbam aktualizovat

[stell]

no,ak nevypisuje ziadnu chybu, tak ti v tom brani Firewall, skus vypnut Firewall

[Petura]

a firefox se strašně dlouho načítá

[stell]

PROSIM CITAJTE POZORNE NAVOD!!!,

Použij ComboFix podle tohoto návodu: http://www.bleepingcomputer.com/combofi ... t-combofix
Log znej vloz sem.

[Petura]

ComboFix 11-01-05.05 - ŽOSI 06.01.2011 10:58:37.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.1023.659 [GMT 1:00]
Spuštěný z: c:\documents and settings\ŽOSI\Plocha\ComboFix.exe
AV: Eset NOD32 antivirus system 2.50 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Rezidentní štít AV je zapnutý


VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\VM305Cap.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-06 do 2011-01-06 )))))))))))))))))))))))))))))))
.

2011-01-06 09:35 . 2011-01-06 09:35 -------- d-----w- C:\_OTM
2011-01-06 08:40 . 2011-01-06 08:40 -------- d-----w- c:\documents and settings\ŽOSI\Data aplikací\Malwarebytes
2011-01-06 08:39 . 2010-12-20 17:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-06 08:39 . 2011-01-06 08:39 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-01-06 08:39 . 2011-01-06 08:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-06 08:39 . 2010-12-20 17:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-06 08:07 . 2011-01-06 08:08 -------- d-----w- C:\rsit
2011-01-06 08:07 . 2011-01-06 08:07 -------- d-----w- c:\program files\trend micro
2011-01-06 07:50 . 2011-01-06 09:58 -------- d-----w- c:\program files\Eset
2011-01-06 07:50 . 2011-01-06 07:49 502208 ----a-w- c:\windows\system32\drivers\amon.sys
2011-01-06 07:50 . 2011-01-06 07:49 270336 ----a-w- c:\windows\system32\imon.dll
2011-01-02 18:00 . 2011-01-02 18:00 6275960 ----a-w- C:\Silverlight.exe
2010-12-27 08:31 . 2010-12-27 08:31 -------- d-----w- c:\documents and settings\ŽOSI\Local Settings\Data aplikací\OLYMPUS
2010-12-26 16:43 . 2010-12-26 16:43 -------- d-----w- c:\documents and settings\Katka\Local Settings\Data aplikací\Google
2010-12-26 16:42 . 2008-04-13 18:45 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-12-26 16:42 . 2008-04-13 18:45 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-12-26 16:42 . 2001-10-24 11:25 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-12-26 16:42 . 2008-04-14 03:21 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-12-19 08:18 . 2010-12-19 08:18 -------- d-sh--w- c:\documents and settings\Katka\IECompatCache
2010-12-17 09:57 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-17 09:57 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-09 07:15 . 2010-09-18 06:53 974848 -c----w- c:\windows\system32\dllcache\mfc42.dll
2010-12-09 07:15 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2010-12-09 07:15 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-06 09:18 . 2009-04-13 17:17 1409 ----a-w- c:\windows\QTFont.for
2010-12-02 03:35 . 2010-12-02 03:35 4280320 ----a-w- c:\windows\system32\GPhotos.scr
2010-11-18 18:15 . 2009-03-01 13:42 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:23 . 2006-03-02 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:23 . 2006-03-02 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:23 . 2006-03-02 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2006-03-02 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2006-03-02 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:09 . 2006-03-02 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:58 . 2006-03-02 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-19 20:51 . 2010-11-09 19:01 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-27 19:19 . 2010-11-27 19:19 61440 ----a-w- c:\program files\mozilla firefox\components\gemgecko.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\Monitor.exe" [2005-11-29 57344]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\MMonitor.exe" [2008-10-31 95536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 16207872]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-02-18 13680640]
"nwiz"="nwiz.exe" [2009-02-18 1657376]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-05 148888]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-02-18 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-04-13 77824]
"OM_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master\FirstStart.exe" [2005-11-29 40960]
"NetSoftware"="c:\program files\NetSoftware\Starter.exe" [2009-05-05 94208]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2005-03-10 28160]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2003-12-13 33792]
"OM2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Master 2\FirstStart.exe" [2008-10-31 54576]
"nod32kui"="c:\program files\Eset\nod32kui.exe" [2005-11-15 921600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\Katka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-1-15 393216]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" silent
"LDM"=c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
"Skype"="c:\program files\Skype\Phone\Skype.exe" /nosplash /minimized

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_10\bin\jusched.exe"
"BigDog305"=c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Eset\\nod32.exe"=
"c:\\Program Files\\Eset\\nod32kui.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [7.3.2009 18:16 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [7.3.2009 18:16 24336]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [5.4.2009 10:32 392444]

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Obsah adresáře 'Naplánované úlohy'

2011-01-06 c:\windows\Tasks\User_Feed_Synchronization-{89FEBE14-1EA6-402D-B9C2-5D873E91F4A1}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]

2011-01-06 c:\windows\Tasks\User_Feed_Synchronization-{F5BE5B85-E99B-4E8F-940F-67248AA2216B}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 02:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.xy.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.xy.cz/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\program files\Překladač\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\program files\Překladač\WEBIE.DLL
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\program files\Překladač\WEBIE.DLL
LSP: imon.dll
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: {5C519EC4-2BAE-44CE-B7F5-AD0CCD4BEFBD} - hxxp://www.starvedia.com/ActiveX/axmpeg4-emx.cab
DPF: {65D72393-E210-4A2A-B8E0-10AC45986770} - hxxp://pl.recruit.netmonitor.cz/WebInstaller.dll
FF - ProfilePath - c:\documents and settings\ŽOSI\Data aplikací\Mozilla\Firefox\Profiles\4q720gx3.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-06 11:02
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(928)
c:\windows\system32\guard32.dll

- - - - - - - > 'lsass.exe'(992)
c:\windows\system32\guard32.dll
c:\windows\system32\imon.dll
.
Celkový čas: 2011-01-06 11:04:57
ComboFix-quarantined-files.txt 2011-01-06 10:04

Před spuštěním: Volných bajtů: 131 071 897 600
Po spuštění: Volných bajtů: 131 491 332 096

- - End Of File - - 456A58D0388687407DB90BC5136F148B

[stell]

c:\program files\NetSoftware\Starter.exe
otestuj na www.virustotal.com

[Petura]

File name:
Starter.exe
Submission date:
2009-09-03 17:44:14 (UTC)
Current status:
finished
Result:
0 /41 (0.0%)

[stell]

Stahni OTListIt2>> OTL
Označ položku Pro všechny uživatele.
Označ položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
do okna >vloz zeleny text a klik Klikn na tlačítko Prohledat
Po dokončení, sem vlož logy OTL.Txt a Extras.txt

Kód: Vybrat vše

msconfig
safebootminimal
activex
drivers32
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
nvraid.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90